<?php
/**
* @file $Id: Permissions.php 525 2007-05-21 18:24:33Z focus-sis $
* @package Focus/SIS
* @copyright Copyright (C) 2006 Andrew Schmadeke. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.txt
* Focus/SIS is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.txt for copyright notices and details.
*/

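// Per-user permissions editor. The selected staff member's module menu is
// rendered with "can use" / "can edit" checkboxes; an unchecked box is stored
// as a row in USER_EXCEPTIONS (no row == full access), so saving means
// inserting/deleting/updating exception rows to match the submitted form.
//
// NOTE(review): every query on this page is built by string concatenation.
// DBQuery() shows no placeholder API here, so UserStaffID() and the values
// read back from USERS/menu keys must already be trusted or escaped upstream
// -- confirm before exposing this page to less privileged users.
DrawHeader(ProgramTitle());

Search('staff_id');

$profile_RET = array();

if (!empty($_REQUEST['staff_id']))
{
	$profile_RET = DBGet(DBQuery("SELECT PROFILE FROM USERS WHERE STAFF_ID='".UserStaffID()."'"));

	// Rebuild the menu as the *selected* user would see it: Menu.php reads
	// $_FOCUS['User'][1]['PROFILE'] and fills $_FOCUS['Menu'], so the selected
	// user's profile is swapped in for the include and restored afterwards.
	$old_profile = $_FOCUS['User'][1]['PROFILE'];
	$_FOCUS['User'][1]['PROFILE'] = isset($profile_RET[1]['PROFILE']) ? $profile_RET[1]['PROFILE'] : null;
	unset($_FOCUS['Menu']);
	unset($menu);
	include $staticpath.'Menu.php';
	$_FOCUS['User'][1]['PROFILE'] = $old_profile;
}

$username_RET = DBGet(DBQuery("SELECT USERNAME FROM USERS WHERE STAFF_ID='".UserStaffID()."'"));
$username = isset($username_RET[1]['USERNAME']) ? $username_RET[1]['USERNAME'] : null;

// Existing exception rows for this user, indexed by MODNAME (see DBGet's third argument).
$exceptions_RET = DBGet(DBQuery("SELECT MODNAME,CAN_USE,CAN_EDIT FROM USER_EXCEPTIONS WHERE USERNAME='".$username."'"), array(), array('MODNAME'));

if (isset($_REQUEST['modfunc']) && $_REQUEST['modfunc'] == 'update' && AllowEdit())
{
	// Submitted checkbox arrays; a missing key means the box was unchecked.
	$can_use_REQ  = (isset($_REQUEST['can_use'])  && is_array($_REQUEST['can_use']))  ? $_REQUEST['can_use']  : array();
	$can_edit_REQ = (isset($_REQUEST['can_edit']) && is_array($_REQUEST['can_edit'])) ? $_REQUEST['can_edit'] : array();

	// NOTE(review): the profile query above selects only PROFILE, so
	// $profile_RET[1]['TYPE'] is never set on this page and $is_admin is
	// always false here -- the "can edit" checkbox is effectively ignored.
	// Confirm which column was intended before relying on CAN_EDIT.
	$is_admin = isset($profile_RET[1]['TYPE']) && $profile_RET[1]['TYPE'] == 'admin';

	// Temporarily extend the menu with one pseudo-module per student-field
	// category, so Student.php can be restricted per category.
	$old_menu = $_FOCUS['Menu'];
	$categories_RET = DBGet(DBQuery("SELECT ID,TITLE FROM STUDENT_FIELD_CATEGORIES ORDER BY SORT_ORDER,TITLE"));
	foreach ($categories_RET as $category)
	{
		$file = 'Students/Student.php&category_id='.$category['ID'];
		$_FOCUS['Menu']['Students'][$file] = ' &nbsp; &nbsp; &rsaquo; '.$category['TITLE'];
	}

	foreach ($_FOCUS['Menu'] as $modcat => $values)
	{
		if (!is_array($values))
			continue;

		foreach ($values as $modname => $title)
		{
			// Numeric keys are section headings, not modules.
			if (is_numeric($modname))
				continue;

			// Checkbox names cannot contain '.', so the form substitutes '_'.
			$key = str_replace('.', '_', $modname);
			$use_checked   = !empty($can_use_REQ[$key]);
			$edit_checked  = !empty($can_edit_REQ[$key]);
			$has_exception = !empty($exceptions_RET[$modname]);

			// An exception row is needed when use is denied, or when edit is
			// denied for an admin-type user (other types never get edit rights).
			$needs_exception = (!$edit_checked && $is_admin) || !$use_checked;

			if (!$has_exception && $needs_exception)
				DBQuery("INSERT INTO USER_EXCEPTIONS (USERNAME,MODNAME) values('$username','$modname')");
			elseif ($has_exception && $edit_checked && $use_checked)
				DBQuery("DELETE FROM USER_EXCEPTIONS WHERE USERNAME='$username' AND MODNAME='$modname'");

			if ($needs_exception)
			{
				$update = "UPDATE USER_EXCEPTIONS SET ";
				$update .= (!$edit_checked && $is_admin) ? "CAN_EDIT='N'," : "CAN_EDIT=NULL,";
				$update .= !$use_checked ? "CAN_USE='N'" : "CAN_USE=NULL";
				$update .= " WHERE USERNAME='$username' AND MODNAME='$modname'";
				DBQuery($update);
			}
		}
	}

	// Reload so the form below reflects what was just saved.
	$exceptions_RET = DBGet(DBQuery("SELECT MODNAME,CAN_USE,CAN_EDIT FROM USER_EXCEPTIONS WHERE USERNAME='".$username."'"), array(), array('MODNAME'));
	$_FOCUS['Menu'] = $old_menu;
}

$staff_RET = array();
if (UserStaffID())
	$staff_RET = DBGet(DBQuery("SELECT FIRST_NAME,LAST_NAME,PROFILE_ID FROM USERS WHERE STAFF_ID='".UserStaffID()."' AND SYEAR='".UserSyear()."'"));

// A user attached to a shared profile gets permissions from that profile,
// not from USER_EXCEPTIONS; only custom (profile-less) users are editable here.
$has_profile = isset($staff_RET[1]['PROFILE_ID']) && is_numeric($staff_RET[1]['PROFILE_ID']);

if (UserStaffID() && !$has_profile)
{
	// Request-derived values are escaped before being echoed into the attribute.
	$modname_REQ = isset($_REQUEST['modname']) ? $_REQUEST['modname'] : '';
	$action = 'Modules.php?modname='.htmlspecialchars($modname_REQ, ENT_QUOTES)
		.'&modfunc=update&staff_id='.htmlspecialchars(UserStaffID(), ENT_QUOTES);
	echo '<FORM action="'.$action.'" method=POST>';
	DrawHeader(_('Select the programs with which this user can use and save information.'), '<INPUT type=submit value='._('Save').'>');
	echo '<BR>';
	PopTable('header', _('Permissions'));
	echo '<TABLE border=0 cellspacing=0>';

	// Known menu categories map to translatable titles; any other category
	// key is shown with its underscores replaced by spaces.
	$modcat_titles = array(
		'School_Setup'       => _('School Setup'),
		'Students'           => _('Students'),
		'Users'              => _('Users'),
		'Grades'             => _('Grades'),
		'School_Information' => _('School Information'),
		'My_Information'     => _('My Information'),
		'My_Child'           => _('My Child'),
		'Classes_&_Grades'   => _('Classes & Grades'),
		'Attendance'         => _('Attendance'),
		'Eligibility'        => _('Eligibility'),
		'Discipline'         => _('Discipline'),
		'Billing'            => _('Billing'),
		'Reports'            => _('Reports'),
	);

	foreach ($_FOCUS['Menu'] as $modcat => $values)
	{
		echo '<TR><TD valign=top align='.ALIGN_RIGHT.'>';

		$localized_modcat = isset($modcat_titles[$modcat]) ? $modcat_titles[$modcat] : str_replace('_', ' ', $modcat);

		echo "<BR><b><font color=gray>".$localized_modcat."</font></b></TD>";
		echo "<TH bgcolor=#FFFFFF><small><font color=gray>".str_replace(' ', '&nbsp;', _('Can Use'))."</font></small></TH><TH bgcolor=#FFFFFF> &nbsp;<small><font color=gray>".str_replace(' ', '&nbsp;', _('Can Edit Data'))."</font></small></TH><TH bgcolor=#FFFFFF></TH></TR>";

		if (!empty($values))
		{
			foreach ($values as $file => $title)
			{
				// Numeric keys are section headings within the category.
				if (is_numeric($file))
				{
					echo '<TR><TD></TD><TD bgcolor=#FFFFFF colspan=3 align=center><small><b>- '.$title.' -</b></small></TD></TR>';
					continue;
				}

				// The module row itself, followed by one sub-row per
				// student-field category for the Student program. Strict
				// comparison: a loose '==' would also match the integer key 0.
				$rows = array($file => $title);
				if ($file === 'Students/Student.php')
				{
					$categories_RET = DBGet(DBQuery("SELECT ID,TITLE FROM STUDENT_FIELD_CATEGORIES ORDER BY SORT_ORDER,TITLE"));
					foreach ($categories_RET as $category)
						$rows['Students/Student.php&category_id='.$category['ID']] = ' &nbsp; &nbsp; &rsaquo; '.$category['TITLE'];
				}

				foreach ($rows as $row_file => $row_title)
				{
					// Boxes are checked unless an exception row explicitly denies the right.
					$can_edit = (isset($exceptions_RET[$row_file][1]['CAN_EDIT']) && $exceptions_RET[$row_file][1]['CAN_EDIT'] == 'N') ? '' : 'CHECKED';
					$can_use  = (isset($exceptions_RET[$row_file][1]['CAN_USE'])  && $exceptions_RET[$row_file][1]['CAN_USE']  == 'N') ? '' : 'CHECKED';
					$name = str_replace('.', '_', $row_file);

					echo "<TR><TD></TD><TD align=center bgcolor=#DDDDDD><INPUT type=checkbox name=can_use[$name] value=true $can_use></TD><TD align=center bgcolor=#DDDDDD><INPUT type=checkbox name=can_edit[$name] value=true $can_edit></TD><TD bgcolor=#DDDDDD> &nbsp; &nbsp;$row_title</TD></TR><TR><TD></TD><TD colspan=4 height=1 width=100% bgcolor=#000000></TR>";
				}
			}
		}
		echo '<TR><TD colspan=5 align=center height=20></TD></TR>';
	}
	echo '<TR><TD colspan=5 align=center><INPUT type=submit value='._('Save').'></TD></TR></TABLE></FORM>';
	PopTable('footer');
}
elseif (UserStaffID() && $has_profile)
{
	$profile_title = DBGet(DBQuery("SELECT TITLE FROM USER_PROFILES WHERE ID='".$staff_RET[1]['PROFILE_ID']."'"));
	$profile_title_text = isset($profile_title[1]['TITLE']) ? $profile_title[1]['TITLE'] : '';
	echo '<BR>';
	PopTable('header', _('Error'), 'width=50%');
	echo '<TABLE><TR><TD><IMG SRC=assets/warning_button.gif width=30></TD><TD>'.$staff_RET[1]['FIRST_NAME'].' '.$staff_RET[1]['LAST_NAME']._(' is assigned to the profile ').$profile_title_text.'.<BR><BR> '._('To assign permissions to this user, either change the permissions for this profile using the').' '.ProgramLink('Users/Profiles.php', _('Profiles')).' '._('setup program or change this user to an Administrator with custom permissions using the').' '.ProgramLink('Users/User.php', _('General Info')).' '._('program').'.</TD></TR></TABLE>';
	PopTable('footer');
}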
?>